SLSA levels & provenance
The Build track, L1–L3, and non-falsifiable provenance.
SLSA (Supply-chain Levels for Software Artifacts) is the framework that turns "trust our builds" into a graded, checkable standard. Its core idea is provenance — a verifiable record of how an artifact was built — and its levels describe how hard that provenance is to forge.
The Build track and its levels
SLSA v1.0 formalizes the Build track. Level 0 is no guarantees. Level 1 requires that provenance exists — the build produces a record of its inputs and process, so consumers can inspect it. Level 2 adds a hosted build platform and signed provenance, raising the bar beyond a script on a laptop. Level 3 is the meaningful security threshold: a hardened, isolated build platform that produces non-falsifiable provenance — the build cannot forge a clean record of itself, because the platform, not the build steps, generates and signs it. Higher levels are about the trustworthiness of the provenance, not the absence of bugs.
# A SLSA provenance predicate (simplified) — the "birth certificate":{"buildType": "https://github.com/actions/workflow@v1","builder": { "id": "https://github.com/acme/api/.github/workflows/release.yml@refs/heads/main" },"invocation": { "configSource": {"uri": "git+https://github.com/acme/api@refs/heads/main","digest": { "sha1": "a3f0c7e1..." } } }, # exact source commit"materials": [ { "uri": "pkg:deb/...", "digest": {"sha256":"..."} } ] # pinned inputs}# Subject: the artifact digest this provenance describes (sha256:...).
Why L3 is the goal
At L1/L2 a sufficiently-compromised build could still lie about itself. L3’s isolation and platform-generated provenance make that infeasible: the provenance is produced outside the influence of the build steps and cryptographically bound to the exact source and inputs, so a downstream verifier can trust "this artifact was built from commit X by builder Y" as fact. Reusable, hardened build platforms (GitHub’s SLSA generator, hosted builders) make reaching L3 practical without running your own hardened infrastructure. Provenance is necessary but not sufficient — you still sign it and verify it at a gate.